New stable version: HardenedBSD-stable 11-STABLE v46.8

HardenedBSD-11-STABLE-v46.8 - https://github.com/HardenedBSD/hardenedBSD-stable/releases/tag/HardenedB...

Warning: this is a security update

Highlights:

  • Fix unchecked array reference in the VGA device emulation code. (2fe29685ea7484a1cb140d86ab5aa663d3503760) [FreeBSD SA-16:32]
  • The argument validation in r296956 was not enough to close all possible overflows in sysarch(2). (8f57d18797f1c5631faeaac06ce783b7db66fc78) [FreeBSD SA-16:15]

Installer images:
http://installer.hardenedbsd.org/pub/HardenedBSD/releases/amd64/amd64/IS...

CHECKSUM.SHA512:

SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-bootonly.iso) = 5db0166908988def80629bef4355bc50bc62d5664dd1c0f5f1c4b294bf5351f107fb63f307f08145129caa3ecfdc4525d338dec86839e6733f5deab7af732646
SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-disc1.iso) = ece2bad0497d5a124d914c7c20a7fce536f5470a18a2db52ac282da38cfae45661b9d66d42ad0eb505ca4efc897a634de3130ba83a648b904a5f0347954b0f34
SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-memstick.img) = 466065f868e4980e4f434d0f885d94bd6c7b40d505d34516ab10789512f490b6881973d02f1006123fd381d9ebbfb0c2534565e1424fd58d5d482d59250b3378
SHA512 (HardenedBSD-11-STABLE-v46.8-amd64-mini-memstick.img) = 72bda56b92ff3723c57c9221ec49382d618658087188d93b3dd5603d2fe9b8af1cb0a844d0702f19efdc21ed760f5902cd44552daaf20a9d1bc9723027c3d6a3

CHECKSUM.SHA512.asc:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAABCAAGBQJYD8fqAAoJEIGbEaJv/RiNyc0P/jHQ+n4sdveq7fgrj1y0sbde
iYrCYD0ueIsb/fhk3/IkQxZ1Hbm42mVQfJ11D6tDfhmUZa1kxKK/3NqSwfitoXQd
D7RWe4dbBDu/AXX8ipUDFelDF/TmkonzC2pU2crwKp+kBzNSMRDSW19qv2LmHc5s
wqsaLlcjO4BFjrLjghuz8gs4Yzvjubd8nkh3e8ZHQEsD1M9ecXAWh0PZeI1tKpR+
ugpctpU8wcWZZDGoGY1bqmUE0nBb+u5yqdNkbnpZZIgHtNsd4Osb9dsXCEkBEzT7
DScXTHbAxhSmRDPIe4HpytW1tc/9A2teOz+FFBlHD4MqYX3QHRyD6MlGnOYD0zun
YEK4O9HSt9DD5Xcf7r6HRDvMEZXMwBC1ExA6Okn3z56r8noEj6beOq4NQbi1o13r
WDStXmzDCbmqzHESS/n0IQkB2bZS/aOqb966hA4lhC2xUzkZ32VVcR3H49kUoAye
TUMWi88GNO0ZKCryl7u9pVSJqP60ms/uBhkpqzhzCXSetfplkUoS5poaKQWCHVsn
c4Qo7O3/PacRDdvu7G29E6M6fkNLwB/YqWz53V7ZpXe64XA+SlvpkuSYJT9vwp2Z
90/yAzxXduOjrzjvfHfSb1hFzveK1W+BCZfFFguOMkYDXlpdlkf927/gbNhEgh/N
YZ+aPrauDTvoK3KHh8uI
=ZcwO
-----END PGP SIGNATURE-----


Changelog:

Oliver Pinter + (7):

  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master
  • Merge branch 'freebsd/11-stable/master' into hardened/11-stable/master


Shawn Webb (1):

  • HBSD: Fix typo


bapt (13):

  • MFC r303784, r303785, r305620:
  • MFC r303783, r305927:
  • MFC r306544:
  • MFC r306554:
  • MFC r307364:
  • MFC r303265:
  • MFC r302471, r302473:
  • MFC r303223:
  • MFC r305707:
  • MFC r307783:
  • MFC r307786:
  • MFC r307787:
  • accept4 actually expect SOCK_NONBLOCK and not O_NONBLOCK


emaste (2):

  • MFC r307520: elfdump: correct DT_AUXILIARY / DT_USED / DT_FILTER definitions
  • MFC r307522: makesyscalls.sh: remove trailing space on the "created from" line


glebius (2):

  • Merge r307936: The argument validation in r296956 was not enough to close all possible overflows in sysarch(2).
  • Merge r307937: Fix unchecked array reference in the VGA device emulation code.


gonzo (4):

  • MFC r306530, r306531, r306532, r306579:
  • MFC r306618, r306619
  • MFC r306647, r306855, r306857
  • MFC r306860:


jch (1):

  • MFC r307551:


kib (3):

  • MFC r307499: Export vm_page_xunbusy_maybelocked().
  • MFC r307501: If vm_fault_hold(9) finds that fs.m is wired, do not free it after a pager error, leave the page to the wire owner.
  • MFC r306680: Reduce the cost of TLB invalidation on x86 by using per-CPU completion flags.


manu (1):

  • MFC r307379:


markj (1):

  • MFC r306570: Allow tracing of functions prefixed by "__".


mm (1):

  • MFC r307215: Sync libarchive with vendor. Style and tests fixes.